Analyst Perspective: 2018 Cybersecurity Forecast

It’s that time of year again when we look back at the past year and try to anticipate what we can expect in the coming year. I spend most of my time analyzing vast quantities of threat data, looking for trends and creating intel that gives customers critical insights to better prepare for what cyber threats are on the horizon. With that context, here is my cybersecurity forecast for 2018.

1. In 2018, individuals and organizations will learn the hard way that personal identifiers should not be used as authenticators.

Despite long-held and widespread confusion among most organizations, there is an important difference between an identifier and an authenticator. Information used as a personal identifier can be things like a social security number, a driver’s license number and even an address. An authenticator can be a question that, when answered correctly, proves you are who you say you are. Knowledge-based authentication includes questions like “What is your high school mascot?” or “What was your first car?” The questions could also be based on credit report data and a multitude of other possibilities, and they are often used as cheap authenticators as opposed to more expensive but more secure options such as Two-Factor Authentication (2FA).

Unfortunately, too many organizations use identifiers as authenticators, and massive breaches like Equifax tell us this will be an even bigger problem in 2018. Equifax stored numerous personal identifiers on millions of individuals, and the theft of that information puts personally identifiable information (PII) for every one of them at risk, particularly at organizations that use identifiers as authenticators. As an example, think of when you call your bank and they ask for the last four digits of your social, name, date of birth: all of those are identifiers, not authenticators. How many hackers now have that information as a result of Equifax? In 2018, individuals and organizations alike will learn this lesson again, the hard way. The most important solution to this problem is for organizations to stop using identifiers as authenticators.

2. Partnerships, supply chain and as-a-service relationships will give rise to more breaches next year.

Business is increasingly digital and savvy organizations are extending their reach and offering customer convenience via partnerships, supply chain integration and the use of as-a-service functionality. While an increasingly popular business acceleration approach, this extensive outsourcing can also be a security nightmare. Deloitte and Booz Allen fell victim to this in 2017 and we will see more breaches that are the result of attacks via partner networks next year.

In a partnership, organizations share data and brand reputation. Companies should develop cyber hygiene best practices and expect all partners to follow them. Strong contractual language should be written, in line with any applicable regulatory requirements, and an organization should limit business with a potential partner until the contract is agreed to and/or build in new language at the time of partnership renewal. Unfortunately, this could mean tough conversations for procurement departments. Because these best practice requirements will likely impact budget both for meeting new requirements and enforcing them, organizations need to build this into the year and manage ongoing costs accordingly.

3. Small business healthcare organizations will evolve to be the preferred target of attackers using ransomware and extortion in 2018.

Ransomware will be a consistent line of business for hackers around the globe but the intended targets will become more focused to include SMBs who are less prepared to defend against the attacks. As such, ransoms may be lower in amount so smaller organizations are able to pay. Regional healthcare clinics and hospitals will be hardest hit next year, primarily because they are considered to be easy targets by so many. The least amount of effort for the highest payoff is what these ‘business people’ are after.

How many more times do we have to see the “I’m sorry” letter from the CEO before companies look at breach response seriously? As cybersecurity climbs the priority list in boardrooms everywhere, organizations are waking up to the fact that this is much more than a technical issue. It’s an organizational priority, and while there will be company blunders for sure, we will start to see better breach response.

Incident response is IT operations and security working to prevent security incidents as well as remediation when something does happen. Breach response is much bigger than that – it’s how an entire organization responds to a breach that impacts customer data, from bottom line numbers impacted by remediation costs to future company reputation. Breach response involves action from the CEO, the board, the legal department, marketing and PR teams, and others.

Equifax is a prime example of how not to handle breach response. The organization made misstep after misstep in a very public spotlight. That negative attention inevitably woke up a few organizations to the reality that breach response must be prioritized, planned for, and practiced.

5. Machine learning technologies will become more defined and mature as a capability.

Machine learning is a buzzword that means a little something different to everyone, but I expect to see more clarity to this capability in the coming year. The goal of machine learning technology is to lessen the burden on people and to increase the speed of processing, understanding and acting on overwhelming quantities of data. Security technology continues to advance and we will continue to see better, higher quality data as a result. As processing improves, smarter human response becomes possible. Machine learning or automation will continue to improve in 2018 and so will the quality of threat intelligence data. Combining machine-learning threat intelligence capabilities with human experts who can provide analysis, insights and recommendations is the best of both worlds, so to speak.

Adam Meyer is Chief Security Strategist at SurfWatch Labs. He has served in leadership positions in the defense, technology, and critical infrastructure sectors for more than 15 years. Prior to joining SurfWatch Labs, he was CISO for the Washington Metropolitan Area Transit Authority. He formerly served as the Director of Information Assurance and Command IA Program Manager for the Naval Air Warfare Center, Naval Air Systems Command, one of the Navy's premier engineering and acquisition commands. Mr. Meyer holds undergraduate and graduate degrees from American Military University and Capitol College.